Merge "Fix venv installation of Letsencrypt certbot"
commit
c06b4a09e9
|
@ -75,6 +75,7 @@ haproxy_ssl_bind_options: "force-tlsv12"
|
||||||
haproxy_ssl_letsencrypt_enable: false
|
haproxy_ssl_letsencrypt_enable: false
|
||||||
haproxy_ssl_letsencrypt_email: "example@example.com"
|
haproxy_ssl_letsencrypt_email: "example@example.com"
|
||||||
haproxy_ssl_letsencrypt_download_url: "https://dl.eff.org/certbot-auto"
|
haproxy_ssl_letsencrypt_download_url: "https://dl.eff.org/certbot-auto"
|
||||||
|
haproxy_ssl_letsencrypt_venv: "/opt/eff.org/certbot/venv"
|
||||||
haproxy_ssl_letsencrypt_config_path: "/etc/letsencrypt/live"
|
haproxy_ssl_letsencrypt_config_path: "/etc/letsencrypt/live"
|
||||||
haproxy_ssl_letsencrypt_install_path: "/opt/letsencrypt"
|
haproxy_ssl_letsencrypt_install_path: "/opt/letsencrypt"
|
||||||
haproxy_ssl_letsencrypt_cron_minute: "0"
|
haproxy_ssl_letsencrypt_cron_minute: "0"
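Review bot: The new `haproxy_ssl_letsencrypt_venv` default reads as descriptive rather than configurable, because nothing visible in this commit passes it to the certbot-auto run. The venv is presumably created wherever the script itself decides, so overriding the variable would only break the `creates:` guard and the path used by the renew script. A comment above the variable would record that, for example `# Where certbot-auto builds its venv; must match the script's own location, changing it here does not move the venv`. If relocation is meant to be supported, the install task would also have to hand this path to the script.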
|
||||||
|
|
|
@ -35,6 +35,14 @@
|
||||||
path: "{{ haproxy_ssl_letsencrypt_config_path }}/{{ external_lb_vip_address }}"
|
path: "{{ haproxy_ssl_letsencrypt_config_path }}/{{ external_lb_vip_address }}"
|
||||||
register: lcdatadir
|
register: lcdatadir
|
||||||
|
|
||||||
|
- name: Install certbot
|
||||||
|
shell: >
|
||||||
|
PIP_INDEX_URL="https://pypi.org/simple/"
|
||||||
|
{{ haproxy_ssl_letsencrypt_install_path }}/{{ haproxy_ssl_letsencrypt_download_url | basename }}
|
||||||
|
--install-only
|
||||||
|
args:
|
||||||
|
creates: "{{ haproxy_ssl_letsencrypt_venv }}"
|
||||||
|
|
||||||
- name: Stop haproxy for certbot activity
|
- name: Stop haproxy for certbot activity
|
||||||
service:
|
service:
|
||||||
name: "haproxy"
|
name: "haproxy"
|
||||||
|
@ -51,11 +59,12 @@
|
||||||
--rsa-key-size 4096
|
--rsa-key-size 4096
|
||||||
--email {{ haproxy_ssl_letsencrypt_email }}
|
--email {{ haproxy_ssl_letsencrypt_email }}
|
||||||
--domains {{ external_lb_vip_address }}
|
--domains {{ external_lb_vip_address }}
|
||||||
creates: "{{ haproxy_ssl_letsencrypt_config_path }}/{{ external_lb_vip_address }}/fullchain.pem"
|
args:
|
||||||
|
creates: "{{ haproxy_ssl_letsencrypt_config_path }}/{{ external_lb_vip_address }}-0001/fullchain.pem"
|
||||||
|
|
||||||
- name: Create new pem file for haproxy
|
- name: Create new pem file for haproxy
|
||||||
assemble:
|
assemble:
|
||||||
src: "{{ haproxy_ssl_letsencrypt_config_path }}/{{ external_lb_vip_address }}"
|
src: "{{ haproxy_ssl_letsencrypt_config_path }}/{{ external_lb_vip_address }}-0001"
|
||||||
dest: "/etc/ssl/private/haproxy.pem"
|
dest: "/etc/ssl/private/haproxy.pem"
|
||||||
regexp: '(privkey|fullchain).pem$'
|
regexp: '(privkey|fullchain).pem$'
|
||||||
notify:
|
notify:
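Review bot: The `-0001` suffix hard-coded into `creates:` and `src:` in the second hunk assumes certbot always picks that lineage directory name, presumably as a side effect of the directory handled by the task that registers `lcdatadir`. On a host where certbot writes to the plain `{{ external_lb_vip_address }}` directory or to a later suffix, the guard never matches and `assemble` reads the wrong path. A comment stating why `-0001` is expected would at least record the assumption. Separately, `assemble` writes the private key into `/etc/ssl/private/haproxy.pem` and its visible arguments (`src`, `dest`, `regexp`) set no permissions, so adding `mode: "0600"` would stop the key inheriting the default umask. The certbot command task starts outside the hunk, so its full argument list cannot be checked from here.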
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# renew cert if required and copy to haproxy destination
|
# renew cert if required and copy to haproxy destination
|
||||||
|
|
||||||
certbot renew \
|
{{ haproxy_ssl_letsencrypt_venv }}/bin/certbot renew \
|
||||||
--standalone \
|
--standalone \
|
||||||
--pre-hook "systemctl stop haproxy" \
|
--pre-hook "systemctl stop haproxy" \
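Review bot: Nothing between the shebang and the `certbot renew` call enables strict mode, so a failure of the venv binary (for example a missing or empty `haproxy_ssl_letsencrypt_venv`) would not stop whatever follows. The rest of the script is outside the hunk, but the header comment says it copies the certificate to the haproxy destination, which would then presumably run against stale files. Adding `set -euo pipefail` after line 2 would make the renewal abort cleanly. A short comment such as `# certbot is only installed inside the certbot-auto venv, so call it by absolute path` would also explain why the path is templated.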
|
||||||
|
|
||||||
|
|